Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

New generation of bank Trojans can make invisible transfers

Scripts being used to hide evidence from users

Article comments

Improved online bank security has driven cybercriminals to start using a type of Trojan tool that automates money theft from compromised accounts in ways that are invisible to account holders, Trend Micro has discovered.

Established man-in-the-middle bank Trojan attacks – by Zeus and SpyEye for instance – finesse bank transfer credential requests by splashing bogus credential screens at users. According to Automatic Transfer System, a New Cybercrime Tool a way has been found to hide even this activity from users using what Trend dubs Automatic Transfer Systems (ATS).

These are Javascript and HTML web-injection scripts of varying complexity and are now being used to perform tasks such as account query and transfers without the need for user interaction.

What this means is that bank Trojan attacks can display misleading account balances and hide illegal transactions from account holders, greatly delaying the discovery of thefts.

A fascinating dimension of the ATS story is that these scripts require bank-by-bank customisation by a dedicated coder who has access to an account on the targeted bank.

This is provided by an aftermarket of mostly East European programmers who sell their skills at what can be a tricky undertaking – one mistake and the attack will quickly fail – to cybercriminals willing to pay.

How successful is the new method? In many cases not very, but that’s true of all Trojan attacks; banks detect transfers as unusual whether they were authorised or not, and block them. However, Trend said it had seen others where sizable sums had made it into mule accounts, that is legitimate cover accounts inside the targeted institution used as intermediaries.

At the moment, banks in the UK, Germany and Italy were the most attacked by ATS, a reflection of the extra security layers such as two-factor authentication that had been adopted in these countries.

“ATS infection is difficult to determine since ATSs silently perform fraudulent transactions in the background. It is, therefore, a good practice to frequently monitor banking statements using methods other than doing so online (i.e., checking balances over the phone or monitoring bank statements sent via mail),” said Trend Micro researcher, Loucif Kharouni.

Trend’s answer to the ATS menace is yet more security software. Not everyone agrees. A University of Cambridge analysis earlier this week suggested that a more cost-effective strategy would be for countries to bolster that trifling sums currently spent on chasing and prosecuting cybercriminals.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *